Loading...

Knowledge Center


ePolicy Orchestrator 4.x installation/patch upgrade checklist for known issues
Technical Articles ID:  KB71825
Last Modified:  6/26/2015
Rated:


Environment

McAfee ePolicy Orchestrator (ePO) 4.x

Summary

The following is an upgrade checklist for known issues with full product installations and patch upgrades for ePO 4.x.

Intel Security recommends that you perform these operations directly on the ePO server and not through a remote connection. If you must use a remote connection, ensure that you are connected using the console session (session 0).

 
Back up your ePO server
For information on the ePO backup and disaster recovery procedure, see KB66616.  

NOTE:
Include server.ini, siteinfo.ini, sitelist.xml, and sitemgr.xml under the DB directory.

Review the product or patch release notes for known issues and new features
For a full list of product documents, go to the ServicePortal at: http://support.mcafee.com. Click Knowledge Center, and select Product Documentation from the Knowledge Base list.


Ensure that the ePO server has enough hard disk space for the upgrade
  • System Temp folder - Requires 2 GB or more.
  • ePO Installation folder - Requires the same size as McAfee\ePolicy Orchestrator folder.

    NOTE: If the ePO server is installed in C:\Program Files\McAfee\ePolicy Orchestrator, and the ePolicy Orchestrator folder is approximately 1.5 GB in size, the required available hard disk space in the C drive will be 1.5 to 2 GB.

Disable ePO 4.x server tasks and any Windows scheduled tasks that may be set to run on the ePO 4.x server
Disable any tasks that would interfere with the installation (such as purge events, pull tasks, and replication tasks).

For information on editing tasks, see the ePolicy Orchestrator 4.6 Product Guide (PD22975).
 
Disable Windows updates
Disable Windows updates to ensure they do not interfere with your ePO installation or upgrade. For more information, see http://windows.microsoft.com/en-US/windows-vista/Turn-automatic-updating-on-or-off.
 

Disable third-party software
Disable any software that automatically restarts services on your ePO server.


Ensure correct account permissions
The account used to access the SQL server must have the following permissions:

Default database must be master:
  1. Click Start, Programs, Microsoft SQL Server <version>, SQL Server Management Studio.
  2. Expand Security, Logins
  3. Right-click the account and select Properties.
  4. Ensure the default database is set to master.
  5. Expand User Mapping and ensure that the account has dbo in the schema for the database.
This account must be the db_owner in the database security properties:
  1. Click Start, Programs, Microsoft SQL Server <version>, SQL Server Management Studio.
  2. Expand Databases, your ePO database, Security, Users.
  3. Right-click the dbo account and select Properties
  4. Ensure that the account has dbo in the Default schema for the database.
If you use an NT account to authenticate to the ePO 4.x database, ensure that account has Local Admin rights on the ePO 4.x server.

See KB75766 for detailed information on the required SQL permissions.
 
 
Ensure Auto Close is set to False for the ePO database
  1. Click Start, Programs, Microsoft SQL Server <version>, SQL Server Management Studio.
  2. Right-click the ePO database and select Properties.
  3. Click Options and ensure Auto Close is set to False. If not, click Auto Close, select False, and click OK.

Export your current policies
Use the Export function in ePO to back up your existing policies. For information about exporting policies, see the ePolicy Orchestrator 4.6 Product Guide (PD22975).
 

Ensure the SQL browser service is running
  1. Click Start, Run, type services.msc, and click OK.
  2. Locate the SQL Server Browser service and ensure that it is started and running.
  3. If not, right-click the SQL Server Browser service and select Start.
Ensure SQL Force Encryption is disabled in SQL server environments, if it is enabled
  1. Click Start, All Programs, Configuration Tools, SQL Server Configuration Manager
  2. Right-click Protocols for <instance_name> (MSSQLSERVER by default) under SQL Server Network Configuration and click Properties.
  3. Click the drop-down option for Force Encryption and select No.
  4. Click OK.
Enable TCP/IP on the ePO 4.x server
  1. Click Start, Run, type Cliconfg, and click OK.
  2. Ensure the TCP/IP protocol is Enabled and at the top of the Enabled protocols by order list.

Verify the correct DB collation is set on the SQL server
ePO 4.x uses SQL_Latin1_General_CP1_CI_AS as the default collation for the database when an upgrade or fresh installation of ePO is performed.

To verify collation in SQL Server:
  1. Click Start, Programs, Microsoft SQL Server <version>, SQL Server Management Studio.
  2. Log on to the server using Windows Authentication or SQL Server Authentication, as applicable.
  3. In Object Explorer, expand Databases and locate the ePO database.
  4. Right-click the ePO database and select Properties.
  5. Review the Collation field in the General page. 

In a pure IPv6 environment, ensure that only IPv6 is enabled on the SQL server that hosts the ePO database.

 
Ensure that the ePO admin and SQL account usernames and passwords meet the criteria described in KB66286.
 
Perform a preventative measure to avoid Tomcat failing to stop
Perform this step only when you are ready to start the installation.
  1. Click Start, Run, type services.msc, and click OK.
  2. Stop the ePolicy Orchestrator Server Service and ePolicy Orchestrator Event Parser Service.
  3. Restart the ePolicy Orchestrator Application Server Service.
  4. Right-click the installer setup.exe and run it as an administrator.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.